Remove obsoleted SSL_PRIVATE_KEY configuration

With the key rotation in place, eliminate the use of the SSL_PRIVATE_KEY configuration which pointed to a specific non-changing JWK.
author: Frederick Muriuki Muriithi 2024-07-18 16:54:07 -0500
committer: Frederick Muriuki Muriithi 2024-07-31 09:30:21 -0500
commit: 8a3a16f25f6d87b6cf679c888eacba816415baa9 (patch)
tree: 7331f7c89ada5074a798c7fed923b9c8ab052498 /gn_auth/auth/authorisation
parent: ddb2b6804672c982568be891b35a5352cc6263b0 (diff)
download: gn-auth-8a3a16f25f6d87b6cf679c888eacba816415baa9.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/gn_auth/auth/authorisation/resources/views.py b/gn_auth/auth/authorisation/resources/views.py
index 2eda72b..bccac08 100644
--- a/gn_auth/auth/authorisation/resources/views.py
+++ b/gn_auth/auth/authorisation/resources/views.py
@@ -18,6 +18,7 @@ from gn_auth.auth.requests import request_json
 
 from gn_auth.auth.db import sqlite3 as db
 from gn_auth.auth.db.sqlite3 import with_db_connection
+from gn_auth.auth.jwks import newest_jwk, jwks_directory
 
 from gn_auth.auth.authorisation.roles import Role
 from gn_auth.auth.authorisation.roles.models import (
@@ -491,7 +492,8 @@ def get_user_roles_on_resource(name) -> Response:
             "email": _token.user.email,
             "roles": roles,
         }
-        token = jwt.encode(jose_header, payload, app.config["SSL_PRIVATE_KEY"])
+        token = jwt.encode(
+            jose_header, payload, newest_jwk(jwks_directory(app)))
         response.headers["Authorization"] = f"Bearer {token.decode('utf-8')}"
         return response
author	Frederick Muriuki Muriithi	2024-07-18 16:54:07 -0500
committer	Frederick Muriuki Muriithi	2024-07-31 09:30:21 -0500
commit	8a3a16f25f6d87b6cf679c888eacba816415baa9 (patch)
tree	7331f7c89ada5074a798c7fed923b9c8ab052498 /gn_auth/auth/authorisation
parent	ddb2b6804672c982568be891b35a5352cc6263b0 (diff)
download	gn-auth-8a3a16f25f6d87b6cf679c888eacba816415baa9.tar.gz